Hackers breached DHS information-sharing network, people familiar say
The Homeland Security Information Network is used by government, international and private sector partners to share sensitive but unclassified information.
A key Department of Homeland Security information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local and industry partners, according to two people familiar with the matter.
DHS investigators are probing the intrusion of the Homeland Security Information Network, said both people, who spoke on the condition of anonymity because the incident is sensitive. The hackers’ affiliation and whether any documentation was pilfered from the system are both unclear.
The department’s Office of Intelligence and Analysis has conducted a damage assessment of the intrusion, which is believed to have occurred sometime between late May and early June, said one of the people. The hackers targeted HSIN servers and a SharePoint system used for collaboration efforts, the person added.
Approved users lean on the network to securely access data, exchange requests with partner agencies, manage operations, coordinate safety and security for planned events, respond to incidents and share mission-critical information needed to protect their communities, according to its website. HSIN carries unclassified but sensitive information shared among federal, state, local, territorial, tribal, international and private-sector partners.
The intrusion comes as the U.S. is overseeing security for World Cup games across the country, placing added scrutiny on the systems federal, state and local officials use to coordinate major events. A breach of the platform could raise concerns about whether hackers gained insight into security planning, interagency coordination or response procedures surrounding one of the most visible international events hosted predominately in the United States.
The platform supports real-time communication, document sharing, alerts, web conferencing and incident management. It’s also used to exchange information about persons of interest and potential threats to help agencies maintain situational awareness during emergencies and events.
Nextgov/FCW has asked DHS for comment.
The development would not be the first time HSIN has faced security problems. In 2023, an access misconfiguration linked to a contractor’s coding error caused restricted HSIN data to be exposed to unapproved users inside the platform, according to a memo obtained by Nextgov/FCW.
The error let information intended for a limited set of authorized users be made available more broadly across HSIN, including sensitive U.S. person data and other personally identifying information. The full consequences of that misconfiguration are still unclear, according to a third person. Wired previously reported that incident.
Nation-state groups and criminal hackers routinely target U.S. systems to collect intelligence, steal sensitive information, disrupt operations or gain footholds inside government networks. In February, a suspected China-linked breach of an FBI surveillance system likely revealed phone numbers of targets being monitored by the bureau, Nextgov/FCW previously reported.
To securely contact the reporter for this story, he can be reached on Signal at username djd.99
NEXT STORY: Secret Service phone security lapses put US officials at risk, watchdog says